Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification

The ability to provide different Quality of Service (QoS) guarantees to traffic from different applications is a highly desired feature for many IP network operators, particularly for enterprise networks. Although various mechanisms exist for providing QoS in the network, QoS is yet to be widely deployed. We believe that a key factor holding back widespread QoS adoption is the absence of suitable methodologies/processes for appropriately mapping the traffic from different applications to different QoS classes. This is a challenging task, because many enterprise network operators who are interested in QoS do not know all the applications running on their network, and furthermore, over recent years port-based application classification has become problematic. We argue that measurement based automated Class of Service (CoS) mapping is an important practical problem that needs to be studied. In this paper we describe the requirements and associated challenges, and outline a solution framework for measurement based classification of traffic for QoS based on statistical application signatures. In our approach the signatures are chosen in such as way as to make them insensitive to the particular application layer protocol, but rather to determine the way in which an application is used -- for instance is it used interactively, or for bulk-data transport. The resulting application signature can then be used to derive the network layer signatures required to determine the CoS class for individual IP datagrams. Our evaluations using traffic traces from a variety of network locations, demonstrate the feasibility and potential of the approach.

[1]  Henning Schulzrinne,et al.  Real Time Streaming Protocol (RTSP) , 1998, RFC.

[2]  Mary K. Vernon,et al.  Analysis of educational media server workloads , 2001, NOSSDAV '01.

[3]  Paul Barford,et al.  A signal analysis of network traffic anomalies , 2002, IMW '02.

[4]  Theodore Johnson,et al.  Gigascope: a stream database for network applications , 2003, SIGMOD '03.

[5]  Paul Barford,et al.  Characteristics of network traffic flow anomalies , 2001, IMW '01.

[6]  David L. Black,et al.  An Architecture for Differentiated Service , 1998 .

[7]  Vern Paxson,et al.  TCP Congestion Control , 1999, RFC.

[8]  Balachander Krishnamurthy,et al.  Web protocols and practice , 2001 .

[9]  Kimberly Claffy,et al.  Internet traffic characterization , 1994 .

[10]  Sally Floyd,et al.  Simulation-based comparisons of Tahoe, Reno and SACK TCP , 1996, CCRV.

[11]  Vern Paxson,et al.  Empirically derived analytic models of wide-area TCP connections , 1994, TNET.

[12]  Sally Floyd,et al.  Wide-area traffic: the failure of Poisson modeling , 1994 .

[13]  B. Ohlman,et al.  A Framework for Differentiated Services , 1998 .

[14]  Sally Floyd,et al.  Connections with multiple congested gateways in packet-switched networks part 1: one-way traffic , 1991, CCRV.

[15]  George Varghese,et al.  Automatically inferring patterns of resource consumption in network traffic , 2003, SIGCOMM '03.

[16]  James E. Pitkow Summary of WWW characterizations , 2004, World Wide Web.

[17]  James E. Pitkow,et al.  Summary of WWW characterizations , 1998, World Wide Web.

[18]  Yin Zhang,et al.  Detecting Backdoors , 2000, USENIX Security Symposium.

[19]  Shriram Sarvotham,et al.  The Auckland data set : an access link observed , 2000 .

[20]  Mark S. Squillante,et al.  Profile-based traffic characterization of commercial web sites , 2003 .

[21]  Srinivasan Keshav,et al.  A Framework for Differentiated Services , 1999 .

[22]  Anja Feldmann,et al.  An analysis of Internet chat systems , 2003, IMC '03.

[23]  Donald F. Towsley,et al.  Modeling TCP throughput: a simple model and its empirical validation , 1998, SIGCOMM '98.

[24]  Matthew Mathis,et al.  The macroscopic behavior of the TCP congestion avoidance algorithm , 1997, CCRV.

[25]  Stefan Savage,et al.  Inferring Internet denial-of-service activity , 2001, TOCS.

[26]  Walter Willinger,et al.  Self-similarity through high-variability: statistical analysis of Ethernet LAN traffic at the source level , 1997, TNET.

[27]  Alec Wolman,et al.  Measurement and Analysis of a Streaming Media Workload , 2001, USITS.

[28]  Van Jacobson,et al.  Congestion avoidance and control , 1988, SIGCOMM '88.

[29]  Sudipto Guha,et al.  Fast, small-space algorithms for approximate histogram maintenance , 2002, STOC '02.

[30]  Eitan Altman,et al.  A stochastic model of TCP/IP with stationary random losses , 2005, TNET.

[31]  Anja Feldmann,et al.  Data networks as cascades: investigating the multifractal nature of Internet WAN traffic , 1998, SIGCOMM '98.

[32]  Jacobus Van der Merwe,et al.  Streaming Video Traffic : Characterization and Network Impact , 2002 .

[33]  Jean-Pierre Hubaux,et al.  A Survey of Differentiated Services Proposals for the Internet , 1998 .

[34]  Paul Barford,et al.  Generating representative Web workloads for network and server performance evaluation , 1998, SIGMETRICS '98/PERFORMANCE '98.

[35]  D. Ruppert The Elements of Statistical Learning: Data Mining, Inference, and Prediction , 2004 .